def login():
"""
UserName Password Login
:return file: Either the homepage or the loginpage
"""
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('home'))
error = None
form = LoginForm(request.form)
if request.method == 'POST':
if form.validate_on_submit():
user = dbSession.query(User).filter(User.username == request.form['username']).first()
if user is not None and user.sso == "none":
password, salt = user.password.split(':')
if password == hashlib.sha256(salt.encode() + request.form['password'].encode()).hexdigest():
session['remember_me'] = form.remember_me.data
login_user(user)
dbSession.remove()
return redirect(request.args.get('next') or url_for('home'))
else:
error = 'Invalid password'
else:
error = 'Invalid username'
dbSession.remove()
return render_template('login.html', form=form, error=error)
def rest_delete_container(bucket_id):
"""
Deletes specified container
:param int bucket_id: The bucket to delete
:return file: 200 Page
"""
# 1. check if logged in user is owner of bucket
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
if int(g.user.get_id()) != bucket_id:
return "403" # Forbidden
# ATT: all files in bucket must be deleted in db # can be replaced via bulkrequest, but this needs more attention, because errors are made easily and db could be out of synch [foreign keys and so on]!
files_in_bucket = dbSession.query(Userfile).filter(Userfile.folder == bucket_id)
for content in files_in_bucket:
connectors = dbSession.query(UserUserfile).filter(UserUserfile.userfile_id == content.id)
for connect in connectors:
dbSession.delete(connect)
dbSession.delete(content)
user = dbSession.query(User).filter(User.id == bucket_id).first()
dbSession.delete(user)
dbSession.commit()
storageinterface.delete_container(bucket_id)
dbSession.remove()
return "200"
def shutdown_session(exception=None):
"""
Shuts down the database session
:param Exception exception: Won't get used here
"""
dbSession.remove()
def shutdown_session(exception=None):
"""
Shuts down the database session
:param Exception exception: Won't get used here
"""
dbSession.remove()
def rest_delete_container(bucket_id):
"""
Deletes specified container
:param int bucket_id: The bucket to delete
:return file: 200 Page
"""
# 1. check if logged in user is owner of bucket
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
if int(g.user.get_id()) != bucket_id:
return "403" # Forbidden
# ATT: all files in bucket must be deleted in db # can be replaced via bulkrequest, but this needs more attention, because errors are made easily and db could be out of synch [foreign keys and so on]!
files_in_bucket = dbSession.query(Userfile).filter(
Userfile.folder == bucket_id)
for content in files_in_bucket:
connectors = dbSession.query(UserUserfile).filter(
UserUserfile.userfile_id == content.id)
for connect in connectors:
dbSession.delete(connect)
dbSession.delete(content)
user = dbSession.query(User).filter(User.id == bucket_id).first()
dbSession.delete(user)
dbSession.commit()
storageinterface.delete_container(bucket_id)
dbSession.remove()
return "200"
def login():
"""
UserName Password Login
:return file: Either the homepage or the loginpage
"""
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('home'))
error = None
form = LoginForm(request.form)
if request.method == 'POST':
if form.validate_on_submit():
user = dbSession.query(User).filter(
User.username == request.form['username']).first()
if user is not None and user.sso == "none":
password, salt = user.password.split(':')
if password == hashlib.sha256(
salt.encode() +
request.form['password'].encode()).hexdigest():
session['remember_me'] = form.remember_me.data
login_user(user)
dbSession.remove()
return redirect(
request.args.get('next') or url_for('home'))
else:
error = 'Invalid password'
else:
error = 'Invalid username'
dbSession.remove()
return render_template('login.html', form=form, error=error)
def rest_syncdb_share_file_permission():
name_file_owner = request.json['name_file_owner']
share_username = request.json['username']
permission = request.json['permission']
file_name = request.json['file_name']
etcd_client = init_etcd_connection()
commit_key = '/setPermission/' + share_username + '_' + file_name + '/' + 'commit'
async_commit_queue = Queue()
async_commit_data = FuncThread(listen_commit_status, etcd_client,
commit_key, async_commit_queue)
async_commit_data.daemon = True
async_commit_data.start()
key_path = 'setPermission/' + share_username + '_' + file_name + '/' + 'ack_' + cloudplatform
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
print "key: " + key_path
etcd_client.write(key_path, 2)
print ">>>>> REST API: wrote to etcd..."
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
async_commit_data.join()
commit_res = async_commit_queue.get()
print ">>>> commit result: " + commit_res
if commit_res == "1":
user_file_owner = dbSession.query(User).filter(
User.username == name_file_owner).first()
print "got owner: " + str(user_file_owner.id)
user = dbSession.query(User).filter(
User.username == share_username).first()
print "shared user: "******"userfile" + str(userfile.id)
useruserfile = dbSession.query(UserUserfile).filter(
UserUserfile.user_id == user.id,
UserUserfile.userfile_id == userfile.id).first()
print "useruserfile"
if useruserfile is not None:
print "entry available"
useruserfile.permission = permission
dbSession.commit()
else:
print("set useruserfile")
useruserfile = UserUserfile(userfile, user, permission)
dbSession.add(useruserfile)
dbSession.commit()
etcd_client.write(key_path, 3)
dbSession.remove()
return "200"
def load_user(id):
"""
Function for LoginManager to get a user with specific id
:param string/int id: the id of the user to load
"""
user = dbSession.query(User).filter(User.id == int(id)).first()
dbSession.remove()
return user
def load_user(id):
"""
Function for LoginManager to get a user with specific id
:param string/int id: the id of the user to load
"""
user = dbSession.query(User).filter(User.id == int(id)).first()
dbSession.remove()
return user
def rest_syncdb_share_file_permission():
name_file_owner = request.json['name_file_owner']
share_username = request.json['username']
permission = request.json['permission']
file_name = request.json['file_name']
etcd_client = init_etcd_connection()
commit_key = '/setPermission/' + share_username + '_' + file_name + '/' + 'commit'
async_commit_queue = Queue()
async_commit_data = FuncThread(listen_commit_status, etcd_client, commit_key, async_commit_queue)
async_commit_data.daemon = True
async_commit_data.start()
key_path = 'setPermission/' + share_username + '_' + file_name + '/' + 'ack_' + cloudplatform
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
print "key: " + key_path
etcd_client.write(key_path, 2)
print ">>>>> REST API: wrote to etcd..."
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
async_commit_data.join()
commit_res = async_commit_queue.get()
print ">>>> commit result: " + commit_res
if commit_res == "1":
user_file_owner = dbSession.query(User).filter(User.username == name_file_owner).first()
print "got owner: " + str(user_file_owner.id)
user = dbSession.query(User).filter(User.username == share_username).first()
print "shared user: "******"userfile" + str(userfile.id)
useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user.id,
UserUserfile.userfile_id == userfile.id).first()
print "useruserfile"
if useruserfile is not None:
print "entry available"
useruserfile.permission = permission
dbSession.commit()
else:
print("set useruserfile")
useruserfile = UserUserfile(userfile, user, permission)
dbSession.add(useruserfile)
dbSession.commit()
etcd_client.write(key_path, 3)
dbSession.remove()
return "200"
def register():
"""
UserName Password Register
:return file: either the register page or the homepage
"""
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('home'))
form = RegisterForm()
error = None
if form.validate_on_submit():
# generate randomness
salt = uuid.uuid4().hex
# hashing password
user = dbSession.query(User).filter(
User.username == request.form['username']).first()
email = dbSession.query(User).filter(
User.email == request.form['email']).first()
if user is not None:
error = 'username is already taken'
elif email is not None:
error = 'email was already used'
else:
user_string = "registerUser/" + form.username.data + '/'
password = hashlib.sha256(
salt.encode() +
form.password.data.encode()).hexdigest() + ':' + salt
data = {
'username': form.username.data,
'email': form.email.data,
'password': password,
'sso': 'none'
}
rest_url = '/storage/api/v1.0/syncdb/registeruser'
# call synchronization between cloud dbs
res_db_sync = db_cloud_sync(user_string, rest_url, data)
print "register: res_db_sync: " + str(res_db_sync)
if res_db_sync == -1:
error == '+++++ registration fails, please try it again'
else:
print "+++++ sending was successfull"
# login new user
dbSession_new = scoped_session(
sessionmaker(autocommit=False, bind=dbEngine))
user = dbSession_new.query(User).filter(
User.username == request.form['username']).first()
login_user(user)
dbSession.remove()
return redirect(url_for('home'))
dbSession.remove()
return render_template('register.html', form=form, error=error)
def google_authorized(resp):
"""
Function that gets called by Google oauth after a login
:param resp: the response by google
:return file: Homepage or fail page
"""
next_url = request.args.get('next') or url_for('home')
if resp is None:
# The user likely denied the request
# TODO: excalate error to user: '******'
return redirect(next_url)
try:
session['oauth_token'] = (resp['access_token'], '')
except:
return "400"
user_data = google.get('/userinfo/v2/me').data
user = dbSession.query(User).filter(
User.email == user_data['email']).first()
if user is None:
user_string = "registerUser/" + user_data['id'] + '/'
rest_url = '/storage/api/v1.0/syncdb/registeruser'
data = {
'username': user_data['id'],
'email': user_data['email'],
'password': "******",
'sso': 'google'
}
res_db_sync = db_cloud_sync(user_string, rest_url, data)
if res_db_sync == -1:
error = '+++++ registration fails, please try it again'
print error
else:
print "+++++ sending was successfull"
# login new user
dbSession_new = scoped_session(
sessionmaker(autocommit=False, bind=dbEngine))
user = dbSession_new.query(User).filter(
User.email == user_data['email']).first()
login_user(user)
else:
login_user(user)
dbSession.remove()
return redirect(next_url)
def google_authorized(resp):
"""
Function that gets called by Google oauth after a login
:param resp: the response by google
:return file: Homepage or fail page
"""
next_url = request.args.get('next') or url_for('home')
if resp is None:
# The user likely denied the request
# TODO: excalate error to user: '******'
return redirect(next_url)
try:
session['oauth_token'] = (resp['access_token'], '')
except:
return "400"
user_data = google.get('/userinfo/v2/me').data
user = dbSession.query(User).filter(User.email == user_data['email']).first()
if user is None:
user_string = "registerUser/" + user_data['id'] + '/'
rest_url = '/storage/api/v1.0/syncdb/registeruser'
data = {
'username': user_data['id'],
'email': user_data['email'],
'password': "******",
'sso': 'google'
}
res_db_sync = db_cloud_sync(user_string, rest_url, data)
if res_db_sync == -1:
error = '+++++ registration fails, please try it again'
print error
else:
print "+++++ sending was successfull"
# login new user
dbSession_new = scoped_session(sessionmaker(autocommit=False, bind=dbEngine))
user = dbSession_new.query(User).filter(User.email == user_data['email']).first()
login_user(user)
else:
login_user(user)
dbSession.remove()
return redirect(next_url)
def rest_syncdb_register_user():
new_username = request.json['username']
new_email = request.json['email']
new_password = request.json['password']
new_sso = request.json['sso']
user = dbSession.query(User).filter(User.username == new_username).first()
email = dbSession.query(User).filter(User.email == new_email).first()
etcd_client = init_etcd_connection()
commit_key = "/registerUser/" + new_username + '/' + 'commit'
async_commit_queue = Queue()
async_commit_data = FuncThread(listen_commit_status, etcd_client, commit_key, async_commit_queue)
async_commit_data.daemon = True
async_commit_data.start()
if user is not None:
user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform
etcd_client.write(user_key, 1)
elif email is not None:
user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform
etcd_client.write(user_key, 1)
else:
user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
print "user_key: " + user_key
etcd_client.write(user_key, 2)
print ">>>>> REST API: wrote to etcd..."
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
async_commit_data.join()
commit_res = async_commit_queue.get()
print ">>>> commit result: " + commit_res
if commit_res == "1":
user = User(
username=new_username,
email=new_email,
password=new_password,
sso=new_sso
)
# save new user in database
dbSession.add(user)
dbSession.commit()
# create container/bucket for the new registered user
storageinterface.create_container(user.get_id())
etcd_client.write(user_key, 3)
dbSession.remove()
return "200"
def rest_syncfile_save_file_tmp(user_email, file_name):
print "rest_syncfile_save_file_tmp: ..."
if request.method == 'POST':
# set tmp suffix for saving the file only temporary
file_name += "_tmp"
# if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles
userfile = dbSession.query(Userfile).filter(
Userfile.name == file_name).first()
user = dbSession.query(User).filter(User.email == user_email).first()
user_id = user.get_id()
print("-------------> found user with email : " + user_email +
" and bucket id : " + user_id)
if userfile is None:
if user is None:
return "403" # Forbidden
userfile = Userfile(user_id, file_name)
useruserfile = UserUserfile(userfile, user, 6)
dbSession.add(userfile)
dbSession.add(useruserfile)
dbSession.commit()
# if file exists -> check if file_name, user_id is found with right permission in UserUserfiles
else:
useruserfile = dbSession.query(UserUserfile).filter(
UserUserfile.user_id == user_id,
UserUserfile.userfile_id == userfile.id).first()
if useruserfile is None or useruserfile.permission < 6:
print("return 403")
dbSession.remove()
return '403' # redirect(url_for('403')) # No permission found or permission not sufficient
content = request.json['content']
print("-------------------------------------------------------------")
print(
"Received an external POST in order to save following file temporarily"
)
print("content: " + content)
print("user email: " + user_email)
print("bucketid: " + str(user_id))
print("file_name: " + file_name)
print("-------------------------------------------------------------")
response = "500"
if storageinterface.upload_from_text(user_id, file_name, content):
response = "200"
file_string = "saveFile_tmp/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform
etcd_client = init_etcd_connection()
etcd_client.write(file_string, 2)
dbSession.remove()
return response
def rest_syncdb_register_user():
new_username = request.json['username']
new_email = request.json['email']
new_password = request.json['password']
new_sso = request.json['sso']
user = dbSession.query(User).filter(User.username == new_username).first()
email = dbSession.query(User).filter(User.email == new_email).first()
etcd_client = init_etcd_connection()
commit_key = "/registerUser/" + new_username + '/' + 'commit'
async_commit_queue = Queue()
async_commit_data = FuncThread(listen_commit_status, etcd_client,
commit_key, async_commit_queue)
async_commit_data.daemon = True
async_commit_data.start()
if user is not None:
user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform
etcd_client.write(user_key, 1)
elif email is not None:
user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform
etcd_client.write(user_key, 1)
else:
user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
print "user_key: " + user_key
etcd_client.write(user_key, 2)
print ">>>>> REST API: wrote to etcd..."
print ">>>>>>>>> REST API >>>>>>>>>>>>>>"
async_commit_data.join()
commit_res = async_commit_queue.get()
print ">>>> commit result: " + commit_res
if commit_res == "1":
user = User(username=new_username,
email=new_email,
password=new_password,
sso=new_sso)
# save new user in database
dbSession.add(user)
dbSession.commit()
# create container/bucket for the new registered user
storageinterface.create_container(user.get_id())
etcd_client.write(user_key, 3)
dbSession.remove()
return "200"
def register():
"""
UserName Password Register
:return file: either the register page or the homepage
"""
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('home'))
form = RegisterForm()
error = None
if form.validate_on_submit():
# generate randomness
salt = uuid.uuid4().hex
# hashing password
user = dbSession.query(User).filter(User.username == request.form['username']).first()
email = dbSession.query(User).filter(User.email == request.form['email']).first()
if user is not None:
error = 'username is already taken'
elif email is not None:
error = 'email was already used'
else:
user_string = "registerUser/" + form.username.data + '/'
password = hashlib.sha256(
salt.encode() + form.password.data.encode()).hexdigest() + ':' + salt
data = {
'username': form.username.data,
'email': form.email.data,
'password': password,
'sso': 'none'
}
rest_url = '/storage/api/v1.0/syncdb/registeruser'
# call synchronization between cloud dbs
res_db_sync = db_cloud_sync(user_string, rest_url, data)
print "register: res_db_sync: " + str(res_db_sync)
if res_db_sync == -1:
error == '+++++ registration fails, please try it again'
else:
print "+++++ sending was successfull"
# login new user
dbSession_new = scoped_session(sessionmaker(autocommit=False, bind=dbEngine))
user = dbSession_new.query(User).filter(User.username == request.form['username']).first()
login_user(user)
dbSession.remove()
return redirect(url_for('home'))
dbSession.remove()
return render_template('register.html', form=form, error=error)
def rest_syncfile_save_file_tmp(user_email, file_name):
print "rest_syncfile_save_file_tmp: ..."
if request.method == 'POST':
# set tmp suffix for saving the file only temporary
file_name += "_tmp"
# if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles
userfile = dbSession.query(Userfile).filter(Userfile.name == file_name).first()
user = dbSession.query(User).filter(User.email == user_email).first()
user_id = user.get_id()
print("-------------> found user with email : " + user_email + " and bucket id : " + user_id)
if userfile is None:
if user is None:
return "403" # Forbidden
userfile = Userfile(user_id, file_name)
useruserfile = UserUserfile(userfile, user, 6)
dbSession.add(userfile)
dbSession.add(useruserfile)
dbSession.commit()
# if file exists -> check if file_name, user_id is found with right permission in UserUserfiles
else:
useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user_id,
UserUserfile.userfile_id == userfile.id).first()
if useruserfile is None or useruserfile.permission < 6:
print("return 403")
dbSession.remove()
return '403' # redirect(url_for('403')) # No permission found or permission not sufficient
content = request.json['content']
print("-------------------------------------------------------------")
print("Received an external POST in order to save following file temporarily")
print("content: " + content)
print("user email: " + user_email)
print("bucketid: " + str(user_id))
print("file_name: " + file_name)
print("-------------------------------------------------------------")
response = "500"
if storageinterface.upload_from_text(user_id, file_name, content):
response = "200"
file_string = "saveFile_tmp/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform
etcd_client = init_etcd_connection()
etcd_client.write(file_string, 2)
dbSession.remove()
return response
def rest_delete_file(bucket_id, file_name):
"""
Deletes file in container
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
# 1 check auth.
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 2 only owner is allowed to delete
if int(g.user.get_id()) != bucket_id:
return "403"
# 3 check if this combination really exists
elements = dbSession.query(Userfile).filter((Userfile.folder == bucket_id), (Userfile.name == file_name)).first()
if elements is None:
dbSession.remove()
return "404"
# 4 try a delete-atempt
# ATT [here an exception can lead to desynchronized states]
if storageinterface.file_exists(bucket_id, file_name):
storageinterface.delete_file(bucket_id, file_name)
# no cascade possible, therfore we must remove the foreign-key there manually
references = dbSession.query(UserUserfile).filter(UserUserfile.userfile_id == elements.id)
for ref in references:
dbSession.delete(ref)
dbSession.delete(elements)
dbSession.commit()
dbSession.remove()
return "200"
dbSession.remove()
return "500" # something went wrong
def rest_download_file_to_text(bucket_id, file_name):
"""
Returns specified file in container as text
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return string: The file as a string
"""
# 1 check if user is auth
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
userfile = dbSession.query(UserUserfile, Userfile).filter(
UserUserfile.userfile_id == Userfile.id, Userfile.name == file_name,
UserUserfile.user_id == g.user.get_id(),
Userfile.folder == bucket_id).first()
if userfile is None:
dbSession.remove()
return "404" # Not found
if int(userfile.UserUserfile.permission) < 4:
dbSession.remove()
return "403"
value = storageinterface.download_file_to_text(bucket_id, file_name)
if value is None: # FIXME wat do in this case?
print('Database out of synch with storage!')
value = ""
dbSession.remove()
return value
def rest_download_file_to_text(bucket_id, file_name):
"""
Returns specified file in container as text
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return string: The file as a string
"""
# 1 check if user is auth
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
userfile = dbSession.query(UserUserfile, Userfile).filter(UserUserfile.userfile_id == Userfile.id,
Userfile.name == file_name,
UserUserfile.user_id == g.user.get_id(),
Userfile.folder == bucket_id).first()
if userfile is None:
dbSession.remove()
return "404" # Not found
if int(userfile.UserUserfile.permission) < 4:
dbSession.remove()
return "403"
value = storageinterface.download_file_to_text(bucket_id, file_name)
if value is None: # FIXME wat do in this case?
print('Database out of synch with storage!')
value = ""
dbSession.remove()
return value
def rest_delete_file(bucket_id, file_name):
"""
Deletes file in container
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
# 1 check auth.
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 2 only owner is allowed to delete
if int(g.user.get_id()) != bucket_id:
return "403"
# 3 check if this combination really exists
elements = dbSession.query(Userfile).filter(
(Userfile.folder == bucket_id), (Userfile.name == file_name)).first()
if elements is None:
dbSession.remove()
return "404"
# 4 try a delete-atempt
# ATT [here an exception can lead to desynchronized states]
if storageinterface.file_exists(bucket_id, file_name):
storageinterface.delete_file(bucket_id, file_name)
# no cascade possible, therfore we must remove the foreign-key there manually
references = dbSession.query(UserUserfile).filter(
UserUserfile.userfile_id == elements.id)
for ref in references:
dbSession.delete(ref)
dbSession.delete(elements)
dbSession.commit()
dbSession.remove()
return "200"
dbSession.remove()
return "500" # something went wrong
def rest_list_files(bucket_id):
"""
Lists files in container
:param int bucket_id: The bucket to list
:return string: Json object containing the list of files
"""
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
if int(g.user.get_id()) != bucket_id:
return "403"
# gets every file of g.user
files = dbSession.query(Userfile.name).filter(Userfile.folder == g.user.get_id()).order_by(Userfile.name)
data = []
for _iter_ in files:
data.append(_iter_[0])
json_string = json.dumps(data)
# print(json_string)
dbSession.remove()
return json_string
def rest_share_list_files_read():
"""
Lists files with permission >0
:return string: json with all files with permission > 0
"""
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 1: gets every file with permission > 4 for g.user
# Sample-SQL-command
# SELECT user.username, user_userfile.permission,userfile.id,userfile.folder,userfile.name FROM user_userfile,userfile JOIN user ON user.id = userfile.folder WHERE user_userfile.userfile_id = userfile.id AND user_userfile.user_id = g.user.get_id() ;
files = dbSession.query(UserUserfile, Userfile, User).filter(User.id == Userfile.folder,
UserUserfile.userfile_id == Userfile.id,
UserUserfile.user_id == g.user.get_id(),
UserUserfile.permission >= 4)
# 2 create json with data
data = []
for _iter_ in files:
data.append([_iter_.User.username, _iter_.Userfile.name, _iter_.User.id])
json_string = json.dumps(data)
dbSession.remove()
return json_string
def rest_share_list_files_read():
"""
Lists files with permission >0
:return string: json with all files with permission > 0
"""
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 1: gets every file with permission > 4 for g.user
# Sample-SQL-command
# SELECT user.username, user_userfile.permission,userfile.id,userfile.folder,userfile.name FROM user_userfile,userfile JOIN user ON user.id = userfile.folder WHERE user_userfile.userfile_id = userfile.id AND user_userfile.user_id = g.user.get_id() ;
files = dbSession.query(UserUserfile, Userfile, User).filter(
User.id == Userfile.folder, UserUserfile.userfile_id == Userfile.id,
UserUserfile.user_id == g.user.get_id(), UserUserfile.permission >= 4)
# 2 create json with data
data = []
for _iter_ in files:
data.append(
[_iter_.User.username, _iter_.Userfile.name, _iter_.User.id])
json_string = json.dumps(data)
dbSession.remove()
return json_string
def rest_list_files(bucket_id):
"""
Lists files in container
:param int bucket_id: The bucket to list
:return string: Json object containing the list of files
"""
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
if int(g.user.get_id()) != bucket_id:
return "403"
# gets every file of g.user
files = dbSession.query(Userfile.name).filter(
Userfile.folder == g.user.get_id()).order_by(Userfile.name)
data = []
for _iter_ in files:
data.append(_iter_[0])
json_string = json.dumps(data)
# print(json_string)
dbSession.remove()
return json_string
def rest_overwrite_file_from_text(bucket_id, file_name):
"""
Uploads text to file in container
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
# 1 check auth.
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 2 check if this file really exists
element = dbSession.query(Userfile).filter(
(Userfile.folder == bucket_id), (Userfile.name == file_name)).first()
if element is None:
dbSession.remove()
return "404"
print(element.name)
# 3 get this file again, just to check with right permissions
file_ = dbSession.query(UserUserfile, Userfile).filter(
UserUserfile.userfile_id == Userfile.id,
UserUserfile.user_id == g.user.get_id(),
or_(UserUserfile.permission == 2, UserUserfile.permission == 6),
Userfile.folder == bucket_id, Userfile.name == file_name).first()
if file_ is None:
dbSession.remove()
return '403' # because file exists, this means user has no right to manipulate
print(file_.Userfile.name)
# 4 send new element
content = request.json['content']
response = "200"
if not storageinterface.upload_from_text(bucket_id, file_name, content):
response = "500"
print(response)
dbSession.remove()
return response
def rest_overwrite_file_from_text(bucket_id, file_name):
"""
Uploads text to file in container
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
# 1 check auth.
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 2 check if this file really exists
element = dbSession.query(Userfile).filter((Userfile.folder == bucket_id), (Userfile.name == file_name)).first()
if element is None:
dbSession.remove()
return "404"
print(element.name)
# 3 get this file again, just to check with right permissions
file_ = dbSession.query(UserUserfile, Userfile).filter(UserUserfile.userfile_id == Userfile.id,
UserUserfile.user_id == g.user.get_id(),
or_(UserUserfile.permission == 2,
UserUserfile.permission == 6),
Userfile.folder == bucket_id,
Userfile.name == file_name).first()
if file_ is None:
dbSession.remove()
return '403' # because file exists, this means user has no right to manipulate
print(file_.Userfile.name)
# 4 send new element
content = request.json['content']
response = "200"
if not storageinterface.upload_from_text(bucket_id, file_name, content):
response = "500"
print(response)
dbSession.remove()
return response
def rest_share_file(bucket_id, file_name):
"""
Sets permission for file in db
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
print "rest_share_file: ..."
username = request.json['username']
permission = request.json['permission']
print "username: "******"permission: " + permission
print "bucket id: " + str(bucket_id)
print "filename: " + file_name
# 1. check if logged in user is owner of file_name
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 2. check if Owner of bucket is changing permissions
if int(g.user.get_id()) != bucket_id:
return "403" # Forbidden
# 3. check if file in table Userfile exists
userfile = dbSession.query(Userfile).filter(Userfile.folder == bucket_id, Userfile.name == file_name).first()
if userfile is None:
dbSession.remove()
return "404" # Not found
# 4. check if user_id in table User exists
print("check user")
user = dbSession.query(User).filter(User.username == username).first()
if user is None:
dbSession.remove()
return "404" # Not found
# 5. check if permission allready exists in table UserUserfile
#user_file_owner
user_file_owner = dbSession.query(User).filter(User.id == bucket_id).first()
data = {
'name_file_owner': user_file_owner.username,
'permission': permission,
'bucket_id': bucket_id,
'file_name': file_name,
'username': username
}
print "Username Owner: " + user_file_owner.username
print "file_name: " + file_name
print "username: "******"503"
else:
ret_val = "200"
dbSession.remove()
return ret_val
def rest_upload_from_text(bucket_id, file_name):
"""
Uploads text to new file in container
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles
userfile = dbSession.query(Userfile).filter(
Userfile.name == file_name).first()
user = dbSession.query(User).filter(User.id == bucket_id).first()
if userfile is None:
if user is None:
dbSession.remove()
return "403" # Forbidden
# userfile = Userfile(bucket_id, file_name)
# useruserfile = UserUserfile(userfile, user, 6)
# dbSession.add(userfile)
# dbSession.add(useruserfile)
# dbSession.commit()
# if file exists -> check if file_name, user_id is found with right permission in UserUserfiles
else:
useruserfile = dbSession.query(UserUserfile).filter(
UserUserfile.user_id == user.id,
UserUserfile.userfile_id == userfile.id).first()
if useruserfile is None or useruserfile.permission < 6:
dbSession.remove()
return '403' # redirect(url_for('403')) # No permission found or permission not sufficient
content = request.json['content']
etcd_client = init_etcd_connection()
file_string = "saveFile/" + str(user.id) + '_' + file_name + '/'
# file_string = "saveFile/" + file_name + '/' # 150706 lars - zur besseren Unterscheidung der Dateien.
async_ready_queue = Queue()
thread_listen_ready_list = []
thread_counter_clouds = 0
for hoster in cloud_hoster:
if cloud_hoster[hoster][1] is not None:
hoster_string_ready = "/" + file_string + "ack_" + hoster
pros = FuncThread(listen_ready_ack, etcd_client,
hoster_string_ready, hoster, async_ready_queue)
pros.daemon = True
pros.start()
thread_listen_ready_list.append(pros)
thread_counter_clouds += 1
try:
etcd_client.write(file_string, "", dir=True)
except EtcdNotFile:
for p in thread_listen_ready_list:
p.terminate()
print("terminate")
else:
# wait for all listen_ack processes
for p in thread_listen_ready_list:
p.join()
etcd_cloud_hoster = cloud_hoster
# evaluate results from queue
for i in range(0, thread_counter_clouds):
result = async_ready_queue.get()
for r in result:
if result[r][0]:
etcd_cloud_hoster[r][0] = True
print "+++++ saveFile: ack listener finished..."
data = {'content': content}
email = current_user.email
# create file string with _tmp suffix
file_string_tmp = "saveFile_tmp/" + email + '_' + file_name + '_tmp/'
async_receive_queue = Queue()
thread_listen_receive_list = []
thread_counter_clouds = 0
for hoster in etcd_cloud_hoster:
if etcd_cloud_hoster[hoster][1]:
hoster_string_ready = "/" + file_string_tmp + "ack_" + hoster
pros = FuncThread(listen_ack_etcd, etcd_client,
hoster_string_ready, hoster,
async_receive_queue, "2")
pros.daemon = True
pros.start()
thread_listen_receive_list.append(pros)
thread_counter_clouds = thread_counter_clouds + 1
async_send_data = FuncThread(
send_sync_data, etcd_cloud_hoster, data,
'/storage/api/v1.0/syncfile/savefile_tmp/' + email + '/' +
file_name)
async_send_data.daemon = True
async_send_data.start()
print "+++++ send save file temp data to clouds"
# wait for all listen_ack processes
for p in thread_listen_ready_list:
p.join()
etcd_cloud_hoster = cloud_hoster
# evaluate results from queue
for i in range(0, thread_counter_clouds):
result = async_receive_queue.get()
for r in result:
if result[r][0]:
etcd_cloud_hoster[r][0] = True
print "++++++++ all clouds have saved the file temporarily"
file_string = "saveFile/" + email + '_' + file_name + '/'
async_receive_queue = Queue()
thread_listen_receive_list = []
thread_counter_clouds = 0
for hoster in etcd_cloud_hoster:
if etcd_cloud_hoster[hoster][1]:
hoster_string_ready = "/" + file_string + "ack_" + hoster
pros = FuncThread(listen_ack_etcd, etcd_client,
hoster_string_ready, hoster,
async_receive_queue, "3")
pros.daemon = True
pros.start()
thread_listen_receive_list.append(pros)
thread_counter_clouds = thread_counter_clouds + 1
async_send_data = FuncThread(
send_sync_data, etcd_cloud_hoster, data,
'/storage/api/v1.0/syncfile/savefile/' + email + '/' + file_name)
async_send_data.daemon = True
async_send_data.start()
print "+++++ send save file data to clouds"
# wait for all listen_ack processes
for p in thread_listen_ready_list:
p.join()
etcd_cloud_hoster = cloud_hoster
# evaluate results from queue
for i in range(0, thread_counter_clouds):
result = async_receive_queue.get()
for r in result:
if result[r][0]:
etcd_cloud_hoster[r][0] = True
print "++++++++ all clouds have saved the file"
response = "200"
# if not storageinterface.upload_from_text(bucket_id, file_name, content):
# response = "500"
dbSession.remove()
return response
def rest_syncfile_save_file(user_email, file_name):
print "rest_syncfile_save_file: ..."
if request.method == 'POST':
# if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles
userfile = dbSession.query(Userfile).filter(Userfile.name == file_name).first()
user = dbSession.query(User).filter(User.email == user_email).first()
user_id = user.get_id()
print("-------------> found user with email : " + user_email + " and bucket id : " + user_id)
if userfile is None:
if user is None:
return "403" # Forbidden
userfile = Userfile(user_id, file_name)
useruserfile = UserUserfile(userfile, user, 6)
dbSession.add(userfile)
dbSession.add(useruserfile)
dbSession.commit()
# if file exists -> check if file_name, user_id is found with right permission in UserUserfiles
else:
useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user.id,
UserUserfile.userfile_id == userfile.id).first()
if useruserfile is None or useruserfile.permission < 6:
print("return 403")
dbSession.remove()
return '403' # redirect(url_for('403')) # No permission found or permission not sufficient
file_name_tmp = file_name+"_tmp"
tmp_value = ""
elements = dbSession.query(Userfile).filter((Userfile.folder == user_id), (Userfile.name == file_name_tmp)).first()
if elements is None:
dbSession.remove()
return "404"
if storageinterface.file_exists(user_id, file_name_tmp):
# get tmp file that was saved before
# get value of tmp file
tmp_value = storageinterface.download_file_to_text(user_id, file_name_tmp)
# delete tmp file
storageinterface.delete_file(user_id, file_name_tmp)
# no cascade possible, therfore we must remove the foreign-key there manually
references = dbSession.query(UserUserfile).filter(UserUserfile.userfile_id == elements.id)
for ref in references:
dbSession.delete(ref)
dbSession.delete(elements)
dbSession.commit()
dbSession.remove()
#tmp_value = unicode(tmp_value,"utf-8")
print("-------------------------------------------------------------")
print("Received an external POST in order to save following file")
print("content: " + tmp_value)
print("user email: " + user_email)
print("file_name: " + file_name)
print("-------------------------------------------------------------")
response = "500"
if storageinterface.upload_from_text(user_id, file_name, tmp_value):
response = "200"
file_string = "saveFile/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform
etcd_client = init_etcd_connection()
etcd_client.write(file_string, 3)
dbSession.remove()
return response
def rest_upload_from_text(bucket_id, file_name):
"""
Uploads text to new file in container
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles
userfile = dbSession.query(Userfile).filter(Userfile.name == file_name).first()
user = dbSession.query(User).filter(User.id == bucket_id).first()
if userfile is None:
if user is None:
dbSession.remove()
return "403" # Forbidden
# userfile = Userfile(bucket_id, file_name)
# useruserfile = UserUserfile(userfile, user, 6)
# dbSession.add(userfile)
# dbSession.add(useruserfile)
# dbSession.commit()
# if file exists -> check if file_name, user_id is found with right permission in UserUserfiles
else:
useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user.id,
UserUserfile.userfile_id == userfile.id).first()
if useruserfile is None or useruserfile.permission < 6:
dbSession.remove()
return '403' # redirect(url_for('403')) # No permission found or permission not sufficient
content = request.json['content']
etcd_client = init_etcd_connection()
file_string = "saveFile/" + str(user.id) + '_' + file_name + '/'
# file_string = "saveFile/" + file_name + '/' # 150706 lars - zur besseren Unterscheidung der Dateien.
async_ready_queue = Queue()
thread_listen_ready_list = []
thread_counter_clouds = 0
for hoster in cloud_hoster:
if cloud_hoster[hoster][1] is not None:
hoster_string_ready = "/" + file_string + "ack_" + hoster
pros = FuncThread(listen_ready_ack, etcd_client, hoster_string_ready, hoster, async_ready_queue)
pros.daemon = True
pros.start()
thread_listen_ready_list.append(pros)
thread_counter_clouds += 1
try:
etcd_client.write(file_string, "", dir=True)
except EtcdNotFile:
for p in thread_listen_ready_list:
p.terminate()
print("terminate")
else:
# wait for all listen_ack processes
for p in thread_listen_ready_list:
p.join()
etcd_cloud_hoster = cloud_hoster
# evaluate results from queue
for i in range(0, thread_counter_clouds):
result = async_ready_queue.get()
for r in result:
if result[r][0]:
etcd_cloud_hoster[r][0] = True
print "+++++ saveFile: ack listener finished..."
data = {
'content': content
}
email = current_user.email
# create file string with _tmp suffix
file_string_tmp = "saveFile_tmp/" + email + '_' + file_name + '_tmp/'
async_receive_queue = Queue()
thread_listen_receive_list = []
thread_counter_clouds = 0
for hoster in etcd_cloud_hoster:
if etcd_cloud_hoster[hoster][1]:
hoster_string_ready = "/" + file_string_tmp + "ack_" + hoster
pros = FuncThread(listen_ack_etcd, etcd_client, hoster_string_ready, hoster,
async_receive_queue, "2")
pros.daemon = True
pros.start()
thread_listen_receive_list.append(pros)
thread_counter_clouds = thread_counter_clouds + 1
async_send_data = FuncThread(send_sync_data, etcd_cloud_hoster, data,
'/storage/api/v1.0/syncfile/savefile_tmp/' + email + '/' + file_name)
async_send_data.daemon = True
async_send_data.start()
print "+++++ send save file temp data to clouds"
# wait for all listen_ack processes
for p in thread_listen_ready_list:
p.join()
etcd_cloud_hoster = cloud_hoster
# evaluate results from queue
for i in range(0, thread_counter_clouds):
result = async_receive_queue.get()
for r in result:
if result[r][0]:
etcd_cloud_hoster[r][0] = True
print"++++++++ all clouds have saved the file temporarily"
file_string = "saveFile/" + email + '_' + file_name + '/'
async_receive_queue = Queue()
thread_listen_receive_list = []
thread_counter_clouds = 0
for hoster in etcd_cloud_hoster:
if etcd_cloud_hoster[hoster][1]:
hoster_string_ready = "/" + file_string + "ack_" + hoster
pros = FuncThread(listen_ack_etcd, etcd_client, hoster_string_ready, hoster,
async_receive_queue, "3")
pros.daemon = True
pros.start()
thread_listen_receive_list.append(pros)
thread_counter_clouds = thread_counter_clouds + 1
async_send_data = FuncThread(send_sync_data, etcd_cloud_hoster, data,
'/storage/api/v1.0/syncfile/savefile/' + email + '/' + file_name)
async_send_data.daemon = True
async_send_data.start()
print "+++++ send save file data to clouds"
# wait for all listen_ack processes
for p in thread_listen_ready_list:
p.join()
etcd_cloud_hoster = cloud_hoster
# evaluate results from queue
for i in range(0, thread_counter_clouds):
result = async_receive_queue.get()
for r in result:
if result[r][0]:
etcd_cloud_hoster[r][0] = True
print"++++++++ all clouds have saved the file"
response = "200"
# if not storageinterface.upload_from_text(bucket_id, file_name, content):
# response = "500"
dbSession.remove()
return response
def rest_share_file(bucket_id, file_name):
"""
Sets permission for file in db
:param int bucket_id: The bucket in which the file is in
:param string file_name: The name of the file
:return file: a status response
"""
print "rest_share_file: ..."
username = request.json['username']
permission = request.json['permission']
print "username: "******"permission: " + permission
print "bucket id: " + str(bucket_id)
print "filename: " + file_name
# 1. check if logged in user is owner of file_name
if g.user is None or not g.user.is_authenticated():
return "401" # Unauthorized
# 2. check if Owner of bucket is changing permissions
if int(g.user.get_id()) != bucket_id:
return "403" # Forbidden
# 3. check if file in table Userfile exists
userfile = dbSession.query(Userfile).filter(
Userfile.folder == bucket_id, Userfile.name == file_name).first()
if userfile is None:
dbSession.remove()
return "404" # Not found
# 4. check if user_id in table User exists
print("check user")
user = dbSession.query(User).filter(User.username == username).first()
if user is None:
dbSession.remove()
return "404" # Not found
# 5. check if permission allready exists in table UserUserfile
#user_file_owner
user_file_owner = dbSession.query(User).filter(
User.id == bucket_id).first()
data = {
'name_file_owner': user_file_owner.username,
'permission': permission,
'bucket_id': bucket_id,
'file_name': file_name,
'username': username
}
print "Username Owner: " + user_file_owner.username
print "file_name: " + file_name
print "username: "******"503"
else:
ret_val = "200"
dbSession.remove()
return ret_val
def rest_syncfile_save_file(user_email, file_name):
print "rest_syncfile_save_file: ..."
if request.method == 'POST':
# if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles
userfile = dbSession.query(Userfile).filter(
Userfile.name == file_name).first()
user = dbSession.query(User).filter(User.email == user_email).first()
user_id = user.get_id()
print("-------------> found user with email : " + user_email +
" and bucket id : " + user_id)
if userfile is None:
if user is None:
return "403" # Forbidden
userfile = Userfile(user_id, file_name)
useruserfile = UserUserfile(userfile, user, 6)
dbSession.add(userfile)
dbSession.add(useruserfile)
dbSession.commit()
# if file exists -> check if file_name, user_id is found with right permission in UserUserfiles
else:
useruserfile = dbSession.query(UserUserfile).filter(
UserUserfile.user_id == user.id,
UserUserfile.userfile_id == userfile.id).first()
if useruserfile is None or useruserfile.permission < 6:
print("return 403")
dbSession.remove()
return '403' # redirect(url_for('403')) # No permission found or permission not sufficient
file_name_tmp = file_name + "_tmp"
tmp_value = ""
elements = dbSession.query(Userfile).filter(
(Userfile.folder == user_id),
(Userfile.name == file_name_tmp)).first()
if elements is None:
dbSession.remove()
return "404"
if storageinterface.file_exists(user_id, file_name_tmp):
# get tmp file that was saved before
# get value of tmp file
tmp_value = storageinterface.download_file_to_text(
user_id, file_name_tmp)
# delete tmp file
storageinterface.delete_file(user_id, file_name_tmp)
# no cascade possible, therfore we must remove the foreign-key there manually
references = dbSession.query(UserUserfile).filter(
UserUserfile.userfile_id == elements.id)
for ref in references:
dbSession.delete(ref)
dbSession.delete(elements)
dbSession.commit()
dbSession.remove()
#tmp_value = unicode(tmp_value,"utf-8")
print("-------------------------------------------------------------")
print("Received an external POST in order to save following file")
print("content: " + tmp_value)
print("user email: " + user_email)
print("file_name: " + file_name)
print("-------------------------------------------------------------")
response = "500"
if storageinterface.upload_from_text(user_id, file_name, tmp_value):
response = "200"
file_string = "saveFile/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform
etcd_client = init_etcd_connection()
etcd_client.write(file_string, 3)
dbSession.remove()
return response
